cURL 的 SSL 证书问题 - sslcerts

Question

I am trying establish communication between my Linux server (Debian GNU/Linux 10 buster) and a microservice located in another server. Telnet is working fine, but when I try to execute a curl, I get this error:

$ curl "https://url.com.br/path"

curl: (60) SSL certificate problem: unable to get local issuer certificate More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above.

I also have 2 .cer but I am not sure what I should do

EDIT:

Tried to execute with -kv as @kashif suggested and here is the output:

* Expire in 0 ms for 6 (transfer 0x556613046fb0)
* Expire in 1 ms for 1 (transfer 0x556613046fb0)
* Expire in 0 ms for 1 (transfer 0x556613046fb0)
* Expire in 1 ms for 1 (transfer 0x556613046fb0)
* Expire in 0 ms for 1 (transfer 0x556613046fb0)
* Expire in 0 ms for 1 (transfer 0x556613046fb0)
* Expire in 1 ms for 1 (transfer 0x556613046fb0)
* Expire in 0 ms for 1 (transfer 0x556613046fb0)
* Expire in 0 ms for 1 (transfer 0x556613046fb0)
* Expire in 1 ms for 1 (transfer 0x556613046fb0)
* Expire in 0 ms for 1 (transfer 0x556613046fb0)
* Expire in 0 ms for 1 (transfer 0x556613046fb0)
* Expire in 1 ms for 1 (transfer 0x556613046fb0)
* Expire in 0 ms for 1 (transfer 0x556613046fb0)
* Expire in 0 ms for 1 (transfer 0x556613046fb0)
* Expire in 1 ms for 1 (transfer 0x556613046fb0)
* Expire in 0 ms for 1 (transfer 0x556613046fb0)
* Expire in 0 ms for 1 (transfer 0x556613046fb0)
* Expire in 1 ms for 1 (transfer 0x556613046fb0)
* Expire in 0 ms for 1 (transfer 0x556613046fb0)
* Expire in 0 ms for 1 (transfer 0x556613046fb0)
* Expire in 1 ms for 1 (transfer 0x556613046fb0)
* Expire in 0 ms for 1 (transfer 0x556613046fb0)
* Expire in 0 ms for 1 (transfer 0x556613046fb0)
* Expire in 1 ms for 1 (transfer 0x556613046fb0)
* Expire in 0 ms for 1 (transfer 0x556613046fb0)
* Expire in 0 ms for 1 (transfer 0x556613046fb0)
* Expire in 1 ms for 1 (transfer 0x556613046fb0)
* Expire in 0 ms for 1 (transfer 0x556613046fb0)
* Expire in 0 ms for 1 (transfer 0x556613046fb0)
* Expire in 1 ms for 1 (transfer 0x556613046fb0)
* Expire in 0 ms for 1 (transfer 0x556613046fb0)
* Expire in 0 ms for 1 (transfer 0x556613046fb0)
* Expire in 0 ms for 1 (transfer 0x556613046fb0)
*   Trying IP...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x556613046fb0)
* Connected to url.com.br (IP) port 443 (#0)
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: none   CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: C=BR; ST=SP; L=S㯠Paulo; O=EMPRESA; OU=SIT; CN=URL
*  start date: Jun 22 19:02:03 2021 GMT
*  expire date: Jun 21 19:02:03 2024 GMT
*  issuer: DC=br; DC=com; DC=EMPRESA; CN=EMPRESA Subordinate CA - Novo
*  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
> GET /PATH HTTP/1.1
> Host: URL
> User-Agent: curl/7.64.0
> Accept: */*
> 
* TLSv1.2 (IN), TLS handshake, Hello request (0):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Request CERT (13):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* old SSL session ID is stale, removing < HTTP/1.1 404 Not Found < Content-Type: text/html < Server: Microsoft-IIS/10.0 < Date: Fri, 18 Mar 2022 14:01:48 GMT < Content-Length: 1245 <  <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>404 - File or directory not found.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;}  h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;}  h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} 
#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;}
#content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}
--> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content">  <div class="content-container"><fieldset>   <h2>404 - File or directory not found.</h2>   <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3>  </fieldset></div> </div> </body> </html>
* Connection #0 to host URL left intact

Answer 1

Try first with no certificate check(k) and in verbose mode(v).

curl -kv url : port

curl -kv "https://url.com.br/path"